ABSTRACT

An apparatus and method for protecting BIOS stored 
on a direct access storage device in a personal com- 
puter system. The personal computer system comprises 
a system processor, a system planar, a random access 
main memory, a read only memory, a protection means 
and at least one direct access storage device. The read 
only memory includes a first portion of BIOS and data 
representing the type of system processor and system 
planar I/O configuration. The first portion of BIOS 
initializes the system and the direct access storage de- 
vice, and resets the protection means in order to read in 
a master boot record into the random access memory 
from a protectable partition on the direct access storage 
device. 

32 Claims, 13 Drawing Sheets 
APPARATUS AND METHOD FOR PREVENTING UNAUTHORIZED ACCESS TO BIOS IN A PERSONAL COMPUTER SYSTEM

CROSS REFERENCE TO RELATED PATENT APPLICATIONS

The present patent application is one of a group of copending applications which concern the same overall personal computer system but which individually claim different inventive concepts embodied in such personal computer system. These related patent applications were filed on the same date, namely Aug. 25, 1989, are specifically incorporated by reference herein, and are more particularly described as follows:

(1) Application Ser. No. 07/399,631, entitled "An Apparatus and Method for Loading BIOS from a Diskette in a Personal Computer System", the inventors being Bealkowski et al;

(2) Application Ser. No. 07/398,865, entitled "Initial BIOS Load for a Personal Computer System", the inventors being Bealkowski et al; and

(3) Application Ser. No. 07/398,860, entitled "An Apparatus and Method for Decreasing the Memory Requirements for BIOS in a Personal Computer System", the inventors being Bealkowski et al.

FIELD OF THE INVENTION

This invention relates to personal computer systems and in particular to a method and device for protecting BIOS stored on a mass storage device in a personal computer system.

BACKGROUND DISCUSSION

Personal computer systems in general and IBM personal computers in particular have attained widespread use for providing computer power to many segments of today's modern society. Personal computer systems can usually be defined as a desk top, floor standing, or portable microcomputer that consists of a system unit having a single system processor, a display monitor, a keyboard, one or more diskette drives, a fixed disk storage, and an optional printer. One of the distinguishing characteristics of these systems is the use of a motherboard or system planar to electrically connect these components together. These systems are designed primarily to give independent computing power to a single user and are inexpensively priced for purchase by individuals or small businesses. Examples of such personal computer systems are IBM's PERSONAL COMPUTER AT and IBM's PERSONAL SYSTEM/2 Models 25, 30, 50, 60, 70 and 80.

These systems can be classified into two general families. The first family, usually referred to as Family I Models, use a bus architecture exemplified by the IBM PERSONAL COMPUTER AT and other "IBM compatible" machines. The second family, referred to as Family II Models, use IBM's MICROCHANNEL bus architecture exemplified by IBM's PERSONAL SYSTEM/2 Models 50 through 80.

Beginning with the earliest personal computer system of the family I models, such as the IBM Personal Computer, it was recognized that software compatibility would be of utmost importance. In order to achieve this goal, an insulation layer of system resident code, also known as "microcode", was established between the hardware and software. This code provided an operational interface between a user's application program/operating system and the device to relieve the user of the concern about the characteristics of hardware devices. Eventually, the code developed into a BASIC input/output system (BIOS), for allowing new devices to be added to the system, while insulating the application program from the peculiarities of the hardware. The importance of BIOS was immediately evident because it freed a device driver from depending on specific device hardware characteristics while providing the device driver with an intermediate interface to the device. Since BIOS was an integral part of the system and controlled the movement of data in and out of the system processor, it was resident on the system planar and was shipped to the user in a read only memory (ROM). For example, BIOS in the original IBM Personal Computer occupied 8K of ROM resident on the planar board.

As new models of the personal computer family were introduced, BIOS had to be updated and expanded to include new hardware and I/O devices. As could be expected, BIOS started to increase in memory size. For example, with the introduction of the IBM PERSONAL COMPUTER AT, BIOS grew to require 32K bytes of ROM.

Today, with the development of new technology, personal computer systems of the Family II models are growing even more sophisticated and are being made available to consumers more frequently. Since the technology is rapidly changing and new I/O devices are being added to the computer systems, modification to the BIOS has become a significant problem in the development cycle of the personal computer system.

For instance, with the introduction of the IBM Personal System/2 with MICROCHANNEL architecture, a significantly new BIOS, known as advanced BIOS, or ABIOS, was developed. However, to maintain software compatibility, BIOS from the Family I models had to be included in the Family II models. The Family I BIOS became known as Compatibility BIOS or CBIOS. However, as previously explained with respect to the IBM PERSONAL COMPUTER AT, only 32K bytes of ROM were resident on the planar board. Fortunately, the system could be expanded to 96K bytes of ROM. Unfortunately, because of system constraints, this turned out to be the maximum capacity available for BIOS. Luckily, even with the addition of ABIOS, ABIOS and CBIOS could still squeeze into 96K of ROM. However, only a small percentage of the 96K ROM area remained available for expansion. With the addition of future I/O devices, CBIOS and ABIOS will eventually run out of ROM space. Thus, new I/O technology will not be able to be easily integrated within CBIOS and ABIOS.

Due to these problems, plus the desire to make modifications in Family II BIOS as late as possible in the development cycle, it became necessary to off load portions of BIOS from the ROM. This was accomplished by storing portions of BIOS on a mass storage device such as a fixed disk. Since a disk provides writing as well as reading capabilities, it became feasible to modify the actual BIOS code on the disk. The disk, while providing a fast and efficient way to store BIOS code, nevertheless greatly increased the probability of the BIOS code being corrupted. Since BIOS is an integral part of the operating system, a corrupt BIOS could lead to devastating results and in many cases to complete failure and non-operation of the system. Thus, it 
became quite apparent that a means for preventing un- 
authorized modification of the BIOS code on the fixed 
disk was highly desirable. 

SUMMARY OF THE INVENTION 

The present invention has been developed for the 
purpose of solving the above mentioned problems. Ac- 
cordingly, the invention has as one of its objects a 
means for preventing unauthorized changes to BIOS 
stored on a direct access storage device in a personal 
computer system. 

Another objective of the present invention is to pro- 
vide protection for disk loaded BIOS which is inexpen- 
sive to implement and substantially transparent to the 
end user so that it does not detract from the commercial 
acceptance of the computer system. 

Broadly considered, a personal computer system 
according to the present invention comprises a system 
processor, a random access memory, a read only mem- 
ory, and at least one direct access storage device. A 
direct access storage device controller coupled between 
the system processor and direct access storage device 
includes a means for protecting a region of the storage 
device. The protected region of the storage device in- 
cludes a master boot record and a BIOS image. In re- 
sponse to a reset signal, the protection means permits 
access to the protected region to allow the master boot 
record to be loaded into random access memory. In 
operation, the master boot record further loads the 
BIOS image into random access memory. BIOS, now in 
random access memory, is executed and generates a 
second signal which activates the protection means to 
prevent access to the region on the disk containing the 
master boot record and the BIOS image. BIOS then 
boots up the operating system to begin operation of the 
system. 
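
The reset and second-signal behaviour described above can be modelled as a one-way latch in the storage controller. The following C model is an added example, not code from the patent; the structure, the function names and the block numbers are assumptions made for illustration. It shows the range check refusing any transfer that touches the protected region once the second signal has been raised.

```c
#include <stdint.h>

/* Added model of the protection means; names and block numbers are hypothetical. */
struct dasd_ctl {
    uint32_t prot_first;  /* first block of the protected region            */
    uint32_t prot_count;  /* blocks holding the master boot record and BIOS */
    int      locked;      /* 0 after the reset signal, 1 after the second   */
};

/* Reset signal: the region opens so ROM-BIOS can read the master boot record. */
void ctl_reset(struct dasd_ctl *c) { c->locked = 0; }

/* Second signal: raised by the RAM-resident BIOS before the OS is booted. */
void ctl_protect(struct dasd_ctl *c) { c->locked = 1; }

/* Return 1 if a read or write of `count` blocks starting at `first` may run. */
int ctl_allow(const struct dasd_ctl *c, uint32_t first, uint32_t count)
{
    if (count == 0 || first > UINT32_MAX - (count - 1))
        return 0;                       /* empty or wrapping request */
    if (!c->locked || c->prot_count == 0)
        return 1;
    uint32_t last      = first + (count - 1);
    uint32_t prot_last = c->prot_first + (c->prot_count - 1);
    /* Any overlap is refused, including a transfer that starts in ordinary
     * blocks and runs on into the protected region. */
    return (last < c->prot_first || first > prot_last);
}

/* Boot sequence from the summary on a constructed 10000-block disk whose
 * last 300 blocks are protected. Bit n of the result is set when probe n
 * was allowed. */
unsigned boot_sequence_probe(void)
{
    struct dasd_ctl c = { 9700u, 300u, 1 };
    unsigned seen = 0;

    ctl_reset(&c);                                      /* reset signal        */
    seen |= (unsigned)ctl_allow(&c, 9997u, 3u)   << 0;  /* ROM-BIOS reads MBR  */
    seen |= (unsigned)ctl_allow(&c, 9700u, 256u) << 1;  /* MBR code loads BIOS */
    ctl_protect(&c);                                    /* second signal       */
    seen |= (unsigned)ctl_allow(&c, 9700u, 256u) << 2;  /* access after boot   */
    seen |= (unsigned)ctl_allow(&c, 9690u, 20u)  << 3;  /* straddles boundary  */
    seen |= (unsigned)ctl_allow(&c, 0u, 9700u)   << 4;  /* ordinary blocks     */
    return seen;
}
```
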

In particular, the read only memory includes a first 
portion of BIOS. The first portion of BIOS initializes 
the system processor, the direct access storage device 
and resets the protection means to read the master boot 
record from the protected region or partition on the 
direct access storage device into the random access 
memory. The master boot record includes a data seg- 
ment and an executable code segment. The data seg- 
ment includes data representing system hardware and a 
system configuration which is supported by the master 
boot record. The first BIOS portion confirms the master 
boot record is compatible with the system hardware by 
verifying the data from the data segment of the master 
boot record agrees with data included within the first 
BIOS portion representing the system processor, sys- 
tem planar, and planar I/O configuration. 

If the master boot record is compatible with the sys- 
tem hardware, the first BIOS portion vectors the sys- 
tem processor to execute the executable code segment 
of the master boot record. The executable code segment 
confirms that the system configuration has not changed 
and loads in the remaining BIOS portion from the direct 
access storage device into random access memory. The 
executable code segment then verifies the authenticity 
of the remaining BIOS portion and vectors the system pro- 
cessor to begin executing the BIOS now in random 
access memory. BIOS, executing in random access 
memory, generates the second signal for protecting the 
disk partition having the remaining BIOS and then 
boots up the operating system to begin operation of the 
personal computer system. The partition holding the 
remaining BIOS is protected to prevent access to the 
BIOS code on disk in order to protect the integrity of 
the BIOS code. 
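
The compatibility and integrity checks summarized above can be written as one validation routine. The following C code is an added example, not code from the patent: the field names follow the description of FIG. 5 given later on this page, but the byte offsets, the byte order, the checksum algorithm and the sample IDs are assumptions, and the routine collapses into one function checks that the description divides between ROM-BIOS and the MBR code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration. The page names the FIG. 5 fields but gives no offsets,
 * so this layout and the checksum algorithm are assumptions. */
enum {
    MBR_LEN     = 1536, /* 1.5 KB record length stated on the page         */
    OFF_SIG     = 0,    /* three-byte signature, "ABC" in the page example */
    OFF_PATTERN = 3,    /* boot pattern, compared with the copy in ROM     */
    PATTERN_LEN = 13,   /* length of "ROM-BIOS 1989"                       */
    OFF_CKSUM   = 16,   /* assumed: 16-bit sum of every other record byte  */
    OFF_PLANAR  = 18,   /* zero-terminated list of 16-bit planar IDs       */
    OFF_MODEL   = 34,   /* zero-terminated list of model/submodel words    */
    OFF_CODE    = 50    /* start of the executable code segment            */
};

enum mbr_status { MBR_OK, MBR_BAD_LENGTH, MBR_BAD_SIGNATURE, MBR_BAD_CHECKSUM,
                  MBR_BAD_PATTERN, MBR_WRONG_PLANAR, MBR_WRONG_PROCESSOR };

struct rom_ident {          /* values held by the first BIOS portion in ROM */
    const char *pattern;
    uint16_t    planar_id;
    uint8_t     model, submodel;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Look for `want` in a word list that must reach its zero terminator before
 * `end`. An unterminated list is treated as malformed and never matches. */
static int list_has(const uint8_t *rec, size_t off, size_t end, uint16_t want)
{
    int found = 0;
    for (; off + 2 <= end; off += 2) {
        uint16_t w = rd16(rec + off);
        if (w == 0)
            return found;
        if (w == want)
            found = 1;
    }
    return 0;
}

/* Assumed checksum: low 16 bits of the byte sum, skipping the checksum field. */
uint16_t mbr_checksum(const uint8_t *rec)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < MBR_LEN; i++)
        if (i != OFF_CKSUM && i != OFF_CKSUM + 1)
            sum += rec[i];
    return (uint16_t)sum;
}

enum mbr_status mbr_validate(const uint8_t *rec, size_t len,
                             const struct rom_ident *rom)
{
    if (len != MBR_LEN)
        return MBR_BAD_LENGTH;
    if (memcmp(rec + OFF_SIG, "ABC", 3) != 0)
        return MBR_BAD_SIGNATURE;
    if (rd16(rec + OFF_CKSUM) != mbr_checksum(rec))
        return MBR_BAD_CHECKSUM;
    if (strlen(rom->pattern) != PATTERN_LEN ||
        memcmp(rec + OFF_PATTERN, rom->pattern, PATTERN_LEN) != 0)
        return MBR_BAD_PATTERN;
    if (!list_has(rec, OFF_PLANAR, OFF_MODEL, rom->planar_id))
        return MBR_WRONG_PLANAR;
    uint16_t ms = (uint16_t)((rom->model << 8) | rom->submodel);
    if (!list_has(rec, OFF_MODEL, OFF_CODE, ms))
        return MBR_WRONG_PROCESSOR;
    return MBR_OK;
}

/* Constructed sample record; all IDs below are made up for the example. */
void mbr_build_sample(uint8_t *rec)
{
    memset(rec, 0, MBR_LEN);
    memcpy(rec + OFF_SIG, "ABC", 3);
    memcpy(rec + OFF_PATTERN, "ROM-BIOS 1989", PATTERN_LEN);
    wr16(rec + OFF_PLANAR, 0x1234);
    wr16(rec + OFF_PLANAR + 2, 0x5678);      /* list ends at the next zero */
    wr16(rec + OFF_MODEL, 0x1122);           /* model 0x11, submodel 0x22  */
    memset(rec + OFF_CODE, 0x90, 64);        /* stand-in for MBR code      */
    wr16(rec + OFF_CKSUM, mbr_checksum(rec));
}
```
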

BRIEF DESCRIPTION OF THE DRAWINGS 

The foregoing aspects and other features of the 
present invention are explained in the following written 
description, taken in connection with the accompanying 
drawings, wherein: 

FIG. 1 illustrates a cut away view of a personal computer system showing a system planar board connected to a plurality of direct access storage devices;

FIG. 2 shows a system block diagram for the personal computer system of FIG. 1;

FIG. 3 is a memory map for the ROM BIOS included on the planar board;

FIG. 4 is a flowchart describing the overall process for loading a BIOS image from a direct access storage device;

FIG. 5 illustrates the record format for the master boot record;

FIG. 6A is a flowchart describing the operation of the IBL routine;

FIG. 6B is a flowchart showing the steps for loading a BIOS image from a fixed disk;

FIG. 6C is a flowchart showing the steps for loading the BIOS image from a diskette;

FIG. 6D is a flowchart showing greater detail in checking the compatibility between the master boot record and the planar/processor;

FIG. 7 is a detailed flowchart showing the operation of the executable code segment of the master boot record;

FIG. 8 is a block diagram for the controller of the direct access storage device;

FIG. 9 is a flow diagram showing the operation of a disk controller to protect the IBL media stored on a disk drive; and

FIG. 10 is a flowchart showing a method for protecting the BIOS image.

DESCRIPTION OF A PREFERRED 
EMBODIMENT 

The following detailed description is of the best presently contemplated mode for carrying out the invention. This description is not to be taken in a limiting sense but is made merely for the purpose of illustrating the general principles of the invention since the scope of the invention is best defined by the appended claims.

Referring now to the drawings, and in particular to FIG. 1, there is shown a cutaway version of a personal computer system 10, having a plurality of DASD (Direct Access Storage Devices) 12-16 connected to a system or planar board 24 through a plurality of I/O slots 18. A power supply 22 provides electrical power to the system 10 in a manner well known. The planar board 24 includes a system processor which operates under the control of computer instructions to input, process, and output information.

In use, the personal computer system 10 is designed primarily to give independent computing power to a small group of users or a single user and is inexpensively priced for purchase by individuals or small businesses. In operation, the system processor operates under an operating system, such as IBM's OS/2 Operating System or PC-DOS. This type of operating system includes a BIOS interface between the DASD 12-16 and the Operating System. A portion of BIOS divided into 
modules by function is stored in ROM on the planar 24 and hereinafter will be referred to as ROM-BIOS. BIOS provides an interface between the hardware and the operating system software to enable a programmer or user to program their machines without an in-depth operating knowledge of a particular device. For example, a BIOS diskette module permits a programmer to program the diskette drive without an in-depth knowledge of the diskette drive hardware. Thus, a number of diskette drives designed and manufactured by different companies can be used in the system. This not only lowers the cost of the system 10, but permits a user to choose from a number of diskette drives.

Prior to relating the above structure to the present invention, a summary of the operation in general of the personal computer system 10 may merit review. Referring to FIG. 2, there is shown a block diagram of the personal computer system 10. FIG. 2 illustrates components of the planar 24 and the connection of the planar 24 to the I/O slots 18 and other hardware of the personal computer system. Located on the planar 24 is the system processor 26 comprised of a microprocessor which is connected by a local bus 28 to a memory controller 30 which is further connected to a random access memory (RAM) 32. While any appropriate microprocessor can be used, one suitable microprocessor is the 80386 which is sold by Intel.

While the present invention is described hereinafter with particular reference to the system block diagram of FIG. 2, it is to be understood at the outset of the description which follows, it is contemplated that the apparatus and methods in accordance with the present invention may be used with other hardware configurations of the planar board. For example, the system processor could be an Intel 80286 or 80486 microprocessor.

Accessible by the processor is a planar identification number (planar ID). The planar ID is unique to the planar and identifies the type of planar being used. For example, the planar ID can be hardwired to be read through an I/O port of the system processor 26 or by using switches. Additionally, another I/O port of the system processor 26 can be used to generate a reset signal using planar logic circuitry to the disk controller. For instance, the reset signal can be initiated by software addressing the I/O port and activating planar logic to generate the reset signal.

The local bus 28 is further connected through a bus controller 34 to a read only memory (ROM) 36 on the planar 24.

An additional nonvolatile memory (NVRAM) 58 is connected to the microprocessor 26 through a serial/parallel port interface 40 which is further connected to bus controller 34. The nonvolatile memory can be CMOS with battery backup to retain information whenever power is removed from the system. Since the ROM is normally resident on the planar, model and submodel values stored in ROM are used to identify the system processor and the system planar I/O configuration respectively. Thus these values will physically identify the processor and planar I/O configuration. The NVRAM is used to store system configuration data. That is, the NVRAM will contain values which describe the present configuration of the system. For example, NVRAM contains information describing the capacity of a fixed disk or diskette, the type of display, the amount of memory, time, date, etc. Additionally, the model and submodel values stored in ROM are copied to NVRAM whenever a special configuration program, such as SET Configuration, is executed. The purpose of the SET Configuration program is to store values characterizing the configuration of the system in NVRAM. Thus for a system that is configured properly, the model and submodel values in NVRAM will be equal respectively to the model and submodel values stored in ROM. If these values are not equal, this indicates that the configuration of the system has been modified. Reference is made to FIG. 6D, where this feature in combination with loading BIOS is explained in greater detail.

Continuing our discussion with reference to FIG. 2, the bus controller 34 is further coupled to I/O slots 18, the serial/parallel interface 40 and peripheral controller 42 by an I/O planar bus 43. The peripheral controller 42 is further connected to a keyboard 44, mouse 46, diagnostic panel 47, and diskette controller 64. Beside the NVRAM 58, the serial/parallel interface 40 is further connected to a serial port 48 and parallel port 50 to input/output information to a printer, hard copy device, etc. As is well known in the art, the local bus 28 can also be connected to a cache controller 52, a cache memory 68, a co-processor 54, and a DMA controller 56.

The system processor 26 controls its internal operation as well as interfacing with other elements of the personal computer system 10. For example, system processor 26 is shown connected to a small computer system interface (SCSI) I/O card 60 which is further connected to a DASD, such as a fixed disk drive 62. It is to be understood that other than a SCSI disk drive can be used as a fixed disk in accordance with the present invention. In addition to the fixed disk 62, the system processor 26 can be interfaced to the diskette controller 64 which controls a diskette drive 66. With respect to terminology, it is also to be understood that the term "hardfile" describes fixed disk drive 62 while the term "floppy" also describes diskette drive 66.

Previous to the present invention, ROM 36 could include all of the BIOS code which interfaced the operating system to the hardware peripherals. According to one aspect of the present invention, however, ROM 36 is adapted to store only a portion of BIOS. This portion, when executed by the system processor 26, inputs from either the fixed disk 62 or diskette 66 a second or remaining portion of BIOS, hereinafter also referred to as a BIOS image. This BIOS image supersedes the first BIOS portion and being an integral part of the system is resident in main memory such as RAM 32. The first portion of BIOS (ROM-BIOS) as stored in ROM 36 will be explained generally with respect to FIGS. 3-4 and in detail with respect to FIGS. 6A-D. The second portion of BIOS (BIOS image) will be explained with respect to FIG. 5, and the loading of the BIOS image with respect to FIG. 7. Another benefit from loading a BIOS image from a DASD is the ability to load BIOS directly into the system processor's RAM 32. Since accessing RAM is much faster than accessing ROM, a significant improvement in the processing speed of the computer system is achieved.

The explanation will now proceed to the operation of the BIOS in ROM 36 and to the operation of loading the BIOS image from either the fixed disk or diskette. In general, a first program such as ROM-BIOS prechecks the system and loads a BIOS master boot record into RAM. The master boot record includes a data segment having validation information and, being a loading means, a code segment having executable code. The executable code uses the data information to validate 
hardware compatibility and system configuration. After testing for hardware compatibility and proper system configuration, the executable code loads the BIOS image into RAM producing a main memory resident program. The BIOS image succeeds ROM-BIOS and loads the operating system to begin operation of the machine. For purposes of clarity, the executable code segment of the master boot record will be referred to as MBR code while the data segment will be referred to as MBR data.

Referring to FIG. 3 there is a memory map showing the different code modules which comprise ROM-BIOS. ROM-BIOS includes a power on self test (POST) stage I module 70, an Initial BIOS Load (IBL) Routine module 72, a Diskette module 74, a hardfile module 76, a video module 78, a diagnostic-panel module 80, and hardware compatibility data 82. Briefly, POST Stage I 70 performs system pre-initialization and tests. The IBL routine 72 determines whether the BIOS image is to be loaded from disk or diskette, checks compatibility and loads the master boot record. Diskette module 74 provides input/output functions for a diskette drive. Hardfile module 76 controls I/O to a fixed disk or the like. Video module 78 controls output functions to a video I/O controller which is further connected to a video display. Diagnostic panel module 80 provides control to a diagnostic display device for the system. The hardware compatibility data 82 includes such values as a system model and submodel values which are described later with respect to FIG. 5.

Referring now to FIG. 4, there is shown a process overview for loading a BIOS image into the system from either the fixed disk or the diskette. When the system is powered up, the system processor is vectored to the entry point of POST Stage I, step 100. POST Stage I initializes the system and tests only those system functions needed to load BIOS image from the selected DASD, step 102. In particular, POST Stage I initializes the processor/planar functions, diagnostic panel, memory subsystem, interrupt controllers, timers, DMA subsystem, fixed disk BIOS routine (Hardfile module 76), and diskette BIOS routine (Diskette module 74), if necessary.

After POST Stage I pre-initializes the system, POST Stage I vectors the system processor to the Initial BIOS Load (IBL) routine included in the Initial BIOS Load module 72. The IBL routine first, determines whether the BIOS image is stored on fixed disk or can be loaded from diskette; and second, loads the master boot record from the selected media (either disk or diskette) into RAM, step 104. The master boot record includes the MBR data and the MBR code. The MBR data is used for verification purposes and the MBR code is executed to load in the BIOS image. A detailed description of the operation of the IBL routine is presented with respect to FIGS. 6A-D.

With continuing reference to FIG. 4, after the IBL routine loads the master boot record into RAM, the system processor is vectored to the starting address of the MBR code to begin execution, step 106. The MBR code performs a series of validity tests to determine the authenticity of the BIOS image and to verify the configuration of the system. For a better understanding of the operation of the MBR code, attention is directed to FIG. 7 of the drawings wherein the MBR code is described in greater detail.

On the basis of these validity tests, the MBR code loads the BIOS image into RAM and transfers control to the newly loaded BIOS image in main memory, step 108. In particular, the BIOS image is loaded into the address space previously occupied by ROM-BIOS. That is, if ROM-BIOS is addressed from E0000H through FFFFFH, then the BIOS image is loaded into this RAM address space thus superseding ROM-BIOS. Control is then transferred to POST Stage II which is included in the newly loaded BIOS image thus abandoning ROM-BIOS. POST Stage II, now in RAM, initializes and tests the remaining system in order to load the operating system boot, steps 110-114. Before Stage II POST transfers control to the operating system, Stage II POST sets a protection means for preventing access to the disk partition holding the BIOS image. Reference is made to FIGS. 8-10 for a detailed discussion of this protection process. It is noted that during a warm start, the processor is vectored to step 108, bypassing steps 100-106.

For clarity, it is appropriate at this point to illustrate a representation for the format of the master boot record. Referring to FIG. 5, there is shown the master boot record. The boot record includes the executable code segment 120 and data segments 122-138. The MBR code 120 includes DASD dependent code responsible for verifying the identity of the ROM-BIOS, checking that the IBL boot record is compatible with the system, verifying the system configuration, and loading the BIOS image from the selected DASD (disk or diskette). The data segments 122-138 include information used to define the media, identify and verify the master boot record, locate the BIOS image, and load the BIOS image.

The master boot record is identified by a boot record signature 122. The boot record signature 122 can be a unique bit pattern, such as a character string "ABC", in the first three bytes of the record. The integrity of the master boot record is tested by a checksum value 132 which is compared to a computed checksum value when the boot record is loaded. The data segments further include at least one compatible planar ID value 134, compatible model and submodel values 136. The master boot record's planar ID value defines which planar that the master boot record is valid for. Similarly, the master boot record's model and submodel values define the processor and planar I/O configuration respectively that the master boot record is valid for. It is noted that the boot record's signature and checksum identify a valid master boot record, while the boot record's planar ID, boot record's model and boot record's submodel comparisons are used to identify a boot record compatible with the system and to determine if the system configuration is valid. Another value, boot record pattern 124 is used to determine the validity of the ROM-BIOS. The boot record pattern 124 is compared to a corresponding pattern value stored in ROM. If the values match this indicates that a valid ROM-BIOS has initiated the load of a BIOS image from the selected media.

The following description further describes in greater detail each of the values in the master boot record and their functions:

MBR Identifier (122): The first three bytes of the IBL boot record can consist of characters, such as "ABC". This signature is used to identify a boot record.

MBR Code Segment (120): This code verifies the compatibility of the boot record with the planar and processor by comparing corresponding planar id and model/submodel values. If these values match, it will 
load the BIOS image from the chosen media to system RAM. If the system image (BIOS image loaded into memory) checksum is valid and no media load errors occur, the MBR code will transfer control to the POST Stage II routine of the system image.

MBR Pattern (124): The first field of the IBL boot record data segment contains a pattern, such as a character string "ROM-BIOS 1989". This string is used to validate the ROM-BIOS by comparing the Boot Pattern value to the corresponding value stored in ROM (ROM-Pattern).

MBR Version Date (126): The master boot record includes a version date for use by an update utility.

System Partition Pointer (128): The data segment contains a media pointer to the beginning of the media system partition area for use by Stage II POST. On an IBL diskette, the pointer is in track-head-sector format; on disk the pointer is in Relative Block Address (RBA) format.

System Partition Type (130): The system partition type indicates the structure of the media system partition. There are three types of system partition structures—full, minimal and not present. The full system partition contains the setup utility and diagnostics in addition to the BIOS image and master boot record. The minimal system partition contains just the BIOS image and master boot record. It may occur where a system does not have access to a hardfile having an IBL image, in this circumstance the system partition type indicates not present. In this instance, IBL will occur from the diskette. These three system partition types allow flexibility in how much space the system partition takes up on the media.

Checksum value (132): The checksum value of the data segment is initialized to generate a valid checksum for the record length value (1.5 k bytes) of the master boot record code.

MBR Planar ID Value (134): The data segment includes a value, such as a string of words defining compatible planar IDs. Each word is made up of a 16 bit planar ID and the string is terminated by word value of zero. If a system's planar ID matches the planar ID value in the master boot record, such as one of the words in the string, the IBL media image is compatible with the system planar. If the system's planar ID does not match any word in the string, the IBL media image is not compatible with the system planar.

MBR model and submodel values (136): The data segment includes values, such as a string of words defining compatible processors. Each word is made up of a model and submodel value and the string is terminated by a word value of zero. If a system's model and submodel value (stored in ROM) match one of the words in the string, the IBL media image is compatible with the system processor. If the ROM model and ROM submodel values do not match any word in the string, the 

dia. Normally, there is only one pointer since the media image is stored as one contiguous block. On an IBL diskette, the pointers are in track-head-sector format; on disk the pointers are relative block address format.

Media image block length (138): The media image block length indicates the size (in sectors) of the block located at the corresponding image block pointer. In the case of a 128 k contiguous media image, which includes space for BASIC, this field is set to 256, indicating that the BIOS image block takes up 256 sectors (512 bytes/sector) starting at the media image block pointer location.

Referring now to FIGS. 6A-D, there is shown a detailed flow chart of the operation of the IBL routine. Under normal circumstances, the IBL routine loads the master boot record from the system fixed disk into RAM at a specific address and then vectors the system processor to begin executing the code segment of the master boot record. The IBL routine also contains provisions for a diskette default mode in which the master boot record can be loaded from diskette. However, the IBL routine does not allow the diskette default mode to be performed if the system contains the IBL media on the system fixed disk and a valid password is present in NVRAM. The user has the option of setting the password in NVRAM. The purpose of preventing the diskette default mode from being effected is to prevent loading an unauthorized BIOS image from diskette. In other words, the diskette default mode is used only when a system fixed disk is not operational and the user has indicated (by not setting the password) the desire to be able to load from the diskette. If the IBL routine is not able to load the master boot record from either media, an error message is generated and the system is halted.

Referring now to FIG. 6A, under normal circumstances the system will contain a system fixed disk which the IBL routine initializes, step 150. Assume for purposes of illustration that the fixed disk is configured for Drive C of the personal computer system. Similarly, assume Drive A is designated as the diskette drive. The IBL routine then examines Drive C to determine whether it contains IBL media, step 152. Attention is directed to FIG. 6B which describes in detail this process. The IBL routine starts reading from the fixed disk at the last three sectors and continues reading, decrementing the media pointer, for 99 sectors or until a valid master boot record is found. If a master boot record is found, it is checked for system planar and processor compatibility, step 156. If it is not planar or processor compatible, then an error is reported, step 158. Referring back to step 152, if no master boot record is found on the last 99 sectors of the fixed disk (primary hardfile), an error is reported, step 154.

Referring back to step 156, if a master boot record is found, a series of validity checks are performed to de- 

IBL media image is not compatible with the system termineif the master boot record is compatible with the 

processor. computer system. Additionally, the configuration of the 

MBR Map length (138): The IBL map length is ini- system is checked. Attention is directed to FIG. 6D 

tialized to the number of media image blocks In other 60 which discloses this process in greater detail If the boot 

words, if the BIOS image is broken into four blocks, the record is compatible with the planar ID, model and 

map length will be four indicating four block pointer/- submodel, and if furthermore the system configuration 

length fields. Usually this length is set to one, since the has not changed the master boot record is loaded and 

media image is one contiguous 128 k block. the code segment of the master boot record is executed, 

MBR Media Sector Size (138): This word value is 65 step 160. 

initialized to the media sector size in bytes per sector. Referring back to steps 154 and 158, if an error occurs 

Media image block pointer (138): The media image in loading the master boot record from the fixed disk or 

block pointer locates a system image block on the me- if a fixed disk is not available, the IBL routine deter- 
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mines if a valid password is included in NVRAM, step 
162. This password determines whether the BIOS 
image can be loaded from diskette. Note that the pass- 
word will exist only upon being installed by the user 
running a set features utility. If a password is installed in 5 
NVRAM, the BIOS image is prevented from being 
loaded from diskette, step 164. This permits the user to 
ensure the integrity of the operation of the system by 
causing the system to be loaded only with the BIOS 
image on the fixed disk. The password can take the form 1° 
of a string of characters stored in NVRAM. 

Referring back to step 162, if a valid password in 
NVRAM is not present, thus allowing BIOS image to 
be loaded from diskette, the IBL routine initializes the 
diskette subsystem, step 166. The IBL routine then
determines if Drive A includes the IBL media on a 
diskette, step 168. If Drive A does not include IBL 
media, an error is generated to notify the user that an 
invalid diskette has been inserted in the drive, step 170. 
The system then halts, step 172. Attention is directed to 
FIG. 6C for a more detailed discussion of step 168. 

Referring back to step 168, after Drive A is checked 
for IBL media, the master boot record is loaded into 
RAM and the code segment included in the master boot 
record is executed, step 160. It is important to note that 
for diskette the IBL routine does not include the valid- 
ity checks that are used with the fixed disk system. The 
reason for the absence of the validity checks is for loading
a non-compatible IBL image from diskette. For
example, if a new processor is added to the system, a 
new BIOS image will be included on a diskette. Since a 
new processor will cause validity errors when loading 
from fixed disk, the IBL routine provides the ability to 
bypass these tests by loading the BIOS image from
diskette. 

To recapitulate, the master boot record is checked for 
compatibility with the system through matching the 
system planar ID and processor model/submodel val- 
ues to the boot record values. For disk, this check is 
done first in the IBL routine 72 and then done again in 
the IBL boot record. The first check (in the IBL rou- 
tine) is done to make sure the boot record is compatible 
with the system; the second check (in the boot record) 
is done to ensure a compatible ROM passed control to
the boot record. Notice that the check done in the disk 
boot record will never fail for a compatible ROM since 
the IBL routine will have already checked the compati- 
bility. In contrast, the first compatibility check is not 
done for diskette. The planar/processor compatibility is
checked only during diskette boot record execution. 
This method allows future modifications in loading a 
new BIOS image from a reference diskette. 
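The decision path recapitulated above, as an added C sketch that is not code from the patent: the IBL routine's first check applies to the fixed disk only, an NVRAM password refuses the diskette default mode, and the boot record's own check is the only compatibility test a diskette image meets. All names, the `MAX_WORDS` bound and the packing of model and submodel into one word are assumptions; signature, checksum and ROM pattern tests are abstracted into whether a record pointer is present.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_WORDS 8   /* assumed bound; the text only says the string ends with zero */

typedef struct {
    uint16_t planar_ids[MAX_WORDS];      /* 16-bit planar IDs, terminated by 0 */
    uint16_t model_submodel[MAX_WORDS];  /* model<<8 | submodel (assumed packing), terminated by 0 */
} mbr_ids;

typedef struct {
    uint16_t planar_id;                  /* read from the planar */
    uint8_t  model, submodel;            /* stored in ROM */
    bool     password_in_nvram;          /* step 162 */
    bool     config_changed;             /* NVRAM model/submodel differ from ROM, step 276 */
    const mbr_ids *fixed_disk_mbr;       /* NULL: no valid record found on drive C */
    const mbr_ids *diskette_mbr;         /* NULL: no valid IBL media in drive A */
} machine;

typedef enum {
    BOOT_FIXED_DISK,
    BOOT_DISKETTE,
    HALT_DISKETTE_LOCKED,    /* password installed, diskette load refused (step 164) */
    HALT_INVALID_DISKETTE,   /* steps 170-172 */
    HALT_MBR_INCOMPATIBLE    /* boot record's own check failed (FIG. 7, step 305) */
} outcome;

/* Scan a zero-terminated word string. A list with no terminator stops at the
 * bound, and a wanted value of 0 can never match because 0 ends the string. */
static bool in_list(const uint16_t *list, uint16_t want) {
    for (size_t i = 0; i < MAX_WORDS && list[i] != 0; i++)
        if (list[i] == want) return true;
    return false;
}

/* Planar ID and model/submodel must each match one word in the boot record. */
bool mbr_compatible(const mbr_ids *mbr, const machine *m) {
    uint16_t ms = (uint16_t)((m->model << 8) | m->submodel);
    return in_list(mbr->planar_ids, m->planar_id) &&
           in_list(mbr->model_submodel, ms);
}

/* FIG. 6A: which boot record, if any, the IBL routine hands control to. */
outcome ibl_routine(const machine *m, const mbr_ids **chosen) {
    *chosen = NULL;
    /* First check: performed for the fixed disk only (steps 152-160). */
    if (m->fixed_disk_mbr && mbr_compatible(m->fixed_disk_mbr, m) &&
        !m->config_changed) {
        *chosen = m->fixed_disk_mbr;
        return BOOT_FIXED_DISK;
    }
    /* Steps 162-164: an installed password forbids the diskette default mode. */
    if (m->password_in_nvram) return HALT_DISKETTE_LOCKED;
    /* Steps 166-172: the diskette record is loaded without the first check. */
    if (!m->diskette_mbr) return HALT_INVALID_DISKETTE;
    *chosen = m->diskette_mbr;
    return BOOT_DISKETTE;
}

/* Whole path: IBL routine, then the second check run by the boot record code. */
outcome ibl_boot(const machine *m) {
    const mbr_ids *mbr;
    outcome o = ibl_routine(m, &mbr);
    if (mbr && !mbr_compatible(mbr, m)) return HALT_MBR_INCOMPATIBLE;
    return o;
}

int main(void) {
    /* Constructed IDs: the disk image predates a processor upgrade. */
    mbr_ids disk = { {0x1234, 0}, {0x1102, 0} };
    mbr_ids floppy = { {0x1234, 0}, {0x2201, 0} };
    machine m = { 0x1234, 0x22, 0x01, true, false, &disk, &floppy };
    printf("password set:   outcome %d\n", ibl_boot(&m));
    m.password_in_nvram = false;
    printf("password clear: outcome %d\n", ibl_boot(&m));
    return 0;
}
```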

In view of the description of the IBL routine of FIG. 
6A, the explanation will now proceed to a comprehensive
and full understanding of the validity tests discussed
above. Referring to FIG. 6B, there is shown a
detailed flowchart of step 152 of FIG. 6A, to determine 
if a valid master boot record is on drive C. The process 
begins by obtaining the drive parameters to enable the
IBL routine to access drive C, step 200. An IBL load 
location is set to the last three sectors from the disk (the 
last three sectors normally contain the master boot re- 
cord), step 202. A load count indicating the number of 
attempts to read a master boot record from disk is set to
1, step 204. Three sectors are read from disk at the IBL 
load location, step 206. Any disk drive errors are de- 
tected and if a disk drive read error occurs it is reported, 
steps 208-210. The process then returns with an error
indication, steps 212-214. 

Referring back to step 208, if no drive error occurs, 
the disk record is scanned for the master boot record 
signature, step 216. The boot record signature, such as 
the characters "ABC", are compared to the first three 
bytes of the disk record. If the disk record does have a 
valid boot record signature (characters "ABC") and the 
checksum computed from the disk record loaded into 
memory equals the boot record checksum, the disk 
record is indicated as being a valid boot record with no 
errors, step 218. The process then returns, step 214. 

Referring back to step 216, if the boot record signa- 
ture or checksum is invalid, the load count is incre- 
mented by 1, step 220. The load count is then compared 
to a predetermined constant such as 99, step 222. If 99 
attempts to read a boot record have resulted in failure, 
an error is indicated and the process returns, steps 224, 
212 and 214. If less than 99 attempts to read a boot 
record have occurred, the IBL load location is decre- 
mented by one and three new sectors are read from the 
new load location, steps 226 and 206. Thus if a valid 
IBL boot record cannot be loaded from the last 99 
sectors (equivalent to 33 copies) then an error condition 
is set and control returns to the IBL routine. 

Referring now to FIG. 6C, there is shown a detailed 
flow diagram for loading the master boot record from 
diskette on drive A. First, the diskette drive parameters 
to access drive A are retrieved, step 230. The IBL load 
location is set to the last 3 sectors on diskette (cylinder, 
head and sector format), step 232. The last 3 sectors are
read, step 234. If a diskette drive error is detected an 
error is indicated, steps 236-238. An error condition is 
set and control is returned to the IBL routine, steps 
240-242. 

Referring back to step 236, if no drive error is de- 
tected, the diskette record is checked for boot record 
signature and the checksum is calculated, step 244. If 
the boot record signature is missing or checksum is 
invalid, an error is indicated and control returned to the 
IBL routine, steps 244, 246, 240 and 242. If a valid boot 
record signature and valid checksum are detected an 
indication is set and control is returned to the IBL rou- 
tine, steps 248 and 242. It is noted that in a diskette load, 
the IBL routine does not search through the media as in 
the fixed disk load. Therefore, in a diskette load, the 
IBL media must be stored in a specific location of the 
diskette. 

Finally, FIG. 6D shows how the IBL routine tests
for system planar and processor compatibility and for a 
proper system configuration. The master boot record is 
checked for compatibility with the system planar by 
comparing the boot record planar ID value to the sys- 
tem planar ID read by the system processor, step 260. If 
the system planar ID does not match the boot record 
planar ID value, this indicates this master boot record is 
not compatible with this planar. An error is indicated 
and control returned to the IBL routine, steps 262, 264,
and 266. 

If the master boot record is compatible with the pla- 
nar, the master boot record is checked for compatibility 
with the processor, step 268. The boot record model 
value and submodel value are compared to the model 
value and submodel value stored in ROM respectively. 
A mismatch indicates a new processor has probably 
been inserted and this boot record is not compatible 
with the new processor. An error is indicated and con- 
trol returned to the IBL routine, steps 270, 264 and 266. 
If the master boot record is compatible with the planar
and processor, the process checks to determine if
NVRAM is reliable, step 272. If NVRAM is unreliable,
an error is indicated and control returned to the IBL
routine, steps 274 and 266. If NVRAM is reliable, the
system configuration is checked, step 276. A change in
system configuration is indicated if the model and submodel
values stored in NVRAM do not match the
model and submodel values stored in ROM. Note that
this last comparison will only indicate a configuration
error. If a configuration error is indicated, an error is
generated for the user. This error notifies the user that
the configuration of the system has changed since the
last time SET Configuration was run. The user is notified
of the changed configuration and control passed
back to the IBL routine, steps 278, 264, and 266. This
error is not fatal itself, but notifies the user that SET
Configuration (configuration program) must be executed.
Referring back to step 276, if the system model/submodel
values match, an indication of compatibility
is set and the routine returns, steps 276, 274 and 266.
Thus, the compatibility between the master boot record
and the system are tested along with determining if the
system configuration has been modified.

After the IBL routine loads the master boot record
into RAM, it transfers control to the MBR code starting
address. Referring to FIG. 7, the executable code segment
of the master boot record first verifies the boot
record pattern to the ROM pattern, step 300. If the
pattern in the master boot record does not match the
pattern in ROM, an error is generated and the system
halts, steps 302 and 305. The check for equality between
ROM and boot record patterns ensures that the master
boot record loaded from either the disk or diskette is
compatible with the ROM on the planar board. Referring
back to step 300, if the pattern in ROM matches the
pattern in the boot record, the MBR code compares the
system planar ID value, model and submodel value
against the corresponding master boot record values,
step 304. This process was discussed in greater detail
with respect to FIG. 6D. If the values don't match, the
master boot record is not compatible with the system
planar and processor, or the system configuration has
changed, and an error is generated, step 306. The system
will halt when the IBL record is incompatible with
planar, model or submodel values, step 305.

Referring back to step 304, if the system planar ID
value, model and submodel values match the corresponding
master boot record values, the MBR code
loads the BIOS image from the selected media into the
system RAM, step 308. If a media load error occurs in
reading the data, step 310, an error is generated and the
system halts, steps 312 and 305. Referring back to step
310, if no media load error occurs, a checksum is calculated
for the BIOS image in memory, step 314. If the
checksum is invalid an error is generated and the system
halts, steps 318 and 305. Referring back to step 316, if
the checksum is valid, the system partition pointers are
saved, step 320, and the system processor is vectored to
POST Stage II to begin loading the system, step 322.

Referring to FIG. 8, there is shown a block diagram
of an intelligent disk controller 350 for controlling
movement of data between the disk drive 351 and the
system processor. It is understood that disk controller
350 can be incorporated into the adapter card 60 while
disk drive 351 can be included onto drive 62 of FIG. 2.
A suitable disk controller 350 is a SCSI Adapter having
a part number of 33F8740, which is manufactured by
International Business Machines Corporation. It is understood
that the disk controller 350 includes a microprocessor
352 operating under its own internal clock,
for controlling its internal operations as well as its interfacing
with the other elements of the disk subsystem and
the system processor. The microprocessor 352 is coupled
by an instruction bus 354 to a read only memory
(ROM) 356 which stores instructions which the disk
controller 350 executes to process and control the
movement of data between the disk drive and the system
processor. It is also understood that disk controller
350 can include random access memory coupled to
microprocessor 352 for the storage or retrieval of data.
The movement of data between disk controller 350 and
the system processor is effected by data bus 358 and
instruction bus 360. A reset signal on line 362 resets or
initializes the disk controller logic upon power-on sequence
or during a system reset. The reset signal is
generated by the planar board logic, and can take the
form of a channel reset signal as provided by IBM's
MICROCHANNEL architecture as described in "IBM
PERSONAL SYSTEM/2 Seminar Proceedings", Volume
5, Number 3, May 1987 as published by the International
Business Machines Corporation Entry Systems
Division. Furthermore, the reset signal can be effectively
initiated by BIOS outputting a particular bit configuration
to an I/O port of the system processor in
which the planar logic is connected.

As is well known, the microprocessor 352 provides
all the interfacing and timing signals to effect the efficient
transfer of data between the disk drive and the
system processor. For clarity, only those signals important
for the understanding of the invention are presented.
It is understood that other signals and lines, such
as data bus 364, are used but are not presented here since
they are not important for the understanding of the
present invention. It is further understood that only
those programs or routines as stored in ROM 356 important
for the understanding of the present invention
are explained with respect to FIG. 9.

Referring now to FIG. 9, there is shown a flowchart
diagramming the read, write, and protect functions of
the disk controller which are effected by the operation
of routines stored in ROM 356. In operation, a disk
instruction is initiated by the system processor and
transferred to the disk controller 350. The disk controller
receives and interprets the instruction to perform the
designated operation, step 400. The disk controller first
determines if this is a write operation in which data
from the system processor are stored on the disk drive
hardware, step 402. If the instruction is a write instruction,
data are received from the system processor in
relative block address (RBA) format.

Prior to continuing the discussion above, a brief explanation
of the relative block address format applied to
a mass storage device, such as a disk, may merit review.
RBA is a scheme in which data in mass storage are
addressed in predetermined sized blocks by sequential
numbers, i.e. individual definable contiguous blocks of
data. For example, assuming a block size of 1024 bytes,
the system processor can approximately address 10,000
blocks for a 10 megabyte disk. That is, the system processor
can address the disk media in terms of N blocks
where N ranges from 0 to 9,999. It has been discovered
that the use of RBA provides a very fast and efficient
method for addressing mass storage in the type of operating
systems used for personal computer systems of the
present invention.




For convenience sake, the following assumptions will 
be introduced: first, the disk can support a total of N 
blocks; second, the system processor transfers a K 
block, where K is greater than or equal to 0 and is less 
than or equal to (N - 1); third, the disk controller can set
a maximum addressable block M which permits access 
to data blocks where K is less than M and denies access 
to data blocks where K is greater than or equal to M. 
Note, by setting M less than N a protectable region on 
the disk is generated from M to N - 1 blocks. This feature
permits the IBL media to be protected as will be
discussed below. 

Continuing our discussion with reference to FIG. 9, 
the data are received from the disk in RBA format, step 
404. The disk controller then determines if the received
block K is less than the maximum block value M, where 
M is less than N, step 406. If K is less than M then the 
disk controller converts the RBA format into the particular
format for the mass storage device, such as
cylinder-head-sector (CHS) format for a fixed disk, step 408.
For instance, the disk controller by using a look up table
could convert RBA addresses to unique cylinder-head-sector
location. Another method is the use of a conversion
formula to convert RBA to CHS. For example, for
a disk having one head, 64 cylinders, and 96 sectors:
Head = 0, cylinders = quotient of RBA/(96), and
sectors = remainder of RBA/(96). After converting the
RBA format to a CHS format the data are written to
disk at the converted CHS location, step 410. The disk
controller then waits for another instruction from the
system processor, step 412. 

Referring back to step 406, if the received RBA is 
greater than the maximum set RBA value, access is 
denied, step 414. That is if K is greater than or equal to 
M, the K block is not written to the disk. Please note, if
the IBL media is stored in the blocks from M to N - 1,
then the IBL media will be protected from writing. 

Referring back to step 402, if the instruction from the 
system processor is not a write instruction, it is tested 
for being a read instruction, step 416. If the instruction
is a read instruction, the system processor sends the 
RBA format for the data requested, step 418. The disk 
controller then determines if the desired RBA (K) is less 
than the maximum set RBA (M). If the desired RBA 
(K) is less than the maximum set RBA (M), then the disk
controller converts the RBA to the appropriate CHS 
format and reads the data from the disk, steps 422 and 
424. The data are then transferred to the system proces- 
sor, step 412. 

Referring back to step 420, if the received RBA (K)
is greater than or equal to the maximum set RBA (M),
access is denied, step 426. If the IBL media is stored
between M blocks and (N - 1) blocks, access is denied
to this area. Please note, that in this circumstance, the
IBL media is also protected from copying.

Referring back to step 416, if the instruction is not a 
write or read instruction, it is tested for a set maximum 
RBA instruction, step 428. This instruction allows the 
disk controller to create a protectable area or partition 
on the disk drive hardware. This instruction allows the
disk controller to set M between 0 and N blocks, step 
430. It is important to note that when the disk controller 
is reset (through the reset signal) that M is set so that the 
maximum number of blocks are available. That is, when 
the disk controller is reset, M=N. Essentially, protection
for the protectable area is eliminated upon resetting
the disk controller, allowing access to the area. However,
once the set maximum RBA instruction is executed
only a reset or another set maximum RBA instruction
will allow access to the protectable area. Conceptually,
the setting of the maximum RBA can be
thought of as setting a fence which protects access to 
the area above the fence while allowing access to the 
area below the fence. The disk controller then returns 
to wait for another instruction, step 412. 

Referring back to step 428, if the instruction is not a 
read, write, or set maximum RBA instruction, it is 
tested for another disk controller instruction and executed,
step 432. These instructions will use the set maximum
RBA value but are not important for the understanding
of the present invention and are not presented
here for brevity purposes. The disk controller then 
returns to wait for another instruction, step 412. 

The explanation will now proceed to the operation of 
the loading in and protecting the IBL media in view of 
the preceding discussion. In general, from either a cold
start (power-on) or a warm start (alt-ctrl-del), the disk 
controller having the IBL media is reset. This causes 
the maximum RBA (M) to be set to N, i.e. the fence is 
removed allowing access to the IBL media. This is 
required to allow the system to load the IBL media to 
begin operation. Once the IBL media is loaded and 
executed the fence is erected (set maximum RBA below 
IBL media) to prevent access to the IBL media stored 
on disk. 

Referring now to FIG. 10, there is shown a block 
flow diagram effecting the protection of the IBL media. 
From a power-on condition the system is initialized and 
BIOS initiates activity in planar board logic to send a 
reset condition to the disk controller, steps 450 and 452. 
The reset signal drops the fence and allows the system 
processor to access the IBL media previously stored on 
the disk in the area from M blocks to N blocks. The 
system loads the IBL media as previously described 
with reference to FIG. 4-7, step 454. During the IBL 
loading sequence POST Stage II is executed, step 456.
One of the tasks of POST Stage II is to execute the set 
maximum RBA instruction with the maximum RBA set 
to the first block of the IBL media which is designated 
as M, step 458. M is dependent upon partition type 
(none, partial or full) as previously explained. This in 
effect sets the fence denying access to the IBL media 
while allowing access to other regions of the disk. The 
operating system is then booted up in a normal fashion, 
step 460. 

If the system is started from a warm start condition, 
such as alt-ctrl-del, the planar logic is commanded to 
reset the disk controller by POST Stage II, steps 462 
and 464. This causes the fence to be dropped. In this 
circumstance, since the IBL media is already present in 
RAM, the IBL media is not loaded again. However, 
since the protection for the IBL media is eliminated 
POST Stage II must be executed to reset the fence, 
steps 456 and 458. The fence is erected protecting the 
IBL media and the system is then rebooted in a normal 
manner, step 460. 
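The fence of FIG. 9 and the cold and warm start sequences of FIG. 10, as an added C model that is not code from the patent. It uses the geometry of the text's conversion example (one head, 64 cylinders, 96 sectors, so N = 6144); the function names, the 128-block IBL region and the one-byte-per-block media are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTORS_PER_CYL 96u                      /* geometry from the text's example */
#define CYLINDERS       64u
#define N_BLOCKS (SECTORS_PER_CYL * CYLINDERS)   /* N: total blocks on the disk */

typedef enum { DC_OK = 0, DC_DENIED, DC_BAD_ARG } dc_status;
typedef struct { uint32_t cylinder, head, sector; } chs_t;

typedef struct {
    uint32_t max_rba;           /* M: blocks K >= M are refused */
    uint8_t  media[N_BLOCKS];   /* one byte stands in for each block (illustrative) */
} disk_ctrl;

/* Conversion formula from the text: head 0, quotient and remainder of RBA/96. */
chs_t rba_to_chs(uint32_t rba) {
    chs_t c = { rba / SECTORS_PER_CYL, 0u, rba % SECTORS_PER_CYL };
    return c;
}

/* Reset signal: M = N, so the whole disk, IBL region included, is addressable. */
void dc_reset(disk_ctrl *dc) { dc->max_rba = N_BLOCKS; }

/* Set maximum RBA instruction: M may be set anywhere from 0 to N (step 430). */
dc_status dc_set_max_rba(disk_ctrl *dc, uint32_t m) {
    if (m > N_BLOCKS) return DC_BAD_ARG;
    dc->max_rba = m;
    return DC_OK;
}

/* Steps 406 and 420: the same K < M test gates writes and reads alike. */
static bool below_fence(const disk_ctrl *dc, uint32_t k) {
    return k < dc->max_rba && k < N_BLOCKS;
}

dc_status dc_write(disk_ctrl *dc, uint32_t k, uint8_t value) {
    if (!below_fence(dc, k)) return DC_DENIED;                      /* step 414 */
    chs_t at = rba_to_chs(k);                                       /* step 408 */
    dc->media[at.cylinder * SECTORS_PER_CYL + at.sector] = value;   /* step 410 */
    return DC_OK;
}

dc_status dc_read(const disk_ctrl *dc, uint32_t k, uint8_t *out) {
    if (!below_fence(dc, k)) return DC_DENIED;                      /* step 426 */
    chs_t at = rba_to_chs(k);
    *out = dc->media[at.cylinder * SECTORS_PER_CYL + at.sector];
    return DC_OK;
}

/* FIG. 10: the reset drops the fence; on a cold start the IBL region
 * [ibl_first, N) is read into ram (caller provides N - ibl_first bytes);
 * POST Stage II then raises the fence at the first IBL block.
 * Returns the number of blocks loaded, or -1 on a refused operation. */
int boot(disk_ctrl *dc, uint32_t ibl_first, uint8_t *ram, bool warm) {
    int loaded = 0;
    dc_reset(dc);                                    /* steps 452 / 464 */
    if (!warm)                                       /* warm start: image is already in RAM */
        for (uint32_t k = ibl_first; k < N_BLOCKS; k++, loaded++)
            if (dc_read(dc, k, &ram[k - ibl_first]) != DC_OK) return -1;
    if (dc_set_max_rba(dc, ibl_first) != DC_OK) return -1;   /* step 458 */
    return loaded;
}

/* Audit helper: true only if every block of [ibl_first, N) refuses reads. */
bool ibl_sealed(const disk_ctrl *dc, uint32_t ibl_first) {
    uint8_t tmp;
    for (uint32_t k = ibl_first; k < N_BLOCKS; k++)
        if (dc_read(dc, k, &tmp) == DC_OK) return false;
    return true;
}

int main(void) {
    static disk_ctrl dc;                      /* zero-initialised media */
    uint8_t ram[128], b;
    uint32_t first = N_BLOCKS - 128;          /* constructed IBL size: 128 blocks */
    dc_reset(&dc);
    for (uint32_t k = first; k < N_BLOCKS; k++) dc_write(&dc, k, 0xB1);
    printf("cold start loaded %d blocks\n", boot(&dc, first, ram, false));
    printf("read of block %u after POST: %s\n", (unsigned)first,
           dc_read(&dc, first, &b) == DC_OK ? "allowed" : "denied");
    dc_reset(&dc);                            /* reset without POST Stage II */
    printf("sealed after bare reset: %d\n", ibl_sealed(&dc, first));
    return 0;
}
```

Because the text lets a reset or any later set maximum RBA instruction move the fence, `ibl_sealed` is a point-in-time check that is meaningful only after POST Stage II has run.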

Thus, there has been shown a method and apparatus 
for protecting access to the IBL media stored on a mass 
storage device, such as a disk drive. The IBL media is 
protected by addressing mass storage in blocks and 
setting a maximum block the system can access during 
normal operation. The IBL media is stored consecu- 
tively in those blocks between the maximum block ac- 
cessible and the total number of blocks supported by the 
disk drive. A reset signal sent to the disk controller 
eliminates the maximum block accessible to permit the 
system to address the IBL media. The reset signal is
generated during a power-on condition or a warm-start
condition to permit access to the IBL media to boot up
the system.

While the invention has been illustrated in connection
with a preferred embodiment, it should be understood
that many variations will occur to those of ordinary
skill in the art, and that the scope of the invention is
defined only by the claims appended hereto and equivalent.

We claim:

1. An apparatus for protecting BIOS in a personal
computer system, the personal computer system having
a system processor for executing an operating system, a
read only memory, a random access memory, and at
least one direct access storage device, said apparatus
comprising:

a direct access storage device controller having a
protection means for protecting a region of the at
least one direct access storage device, said protection
means allowing access to the protected region
in response to a reset signal;

a master boot record included in the protected region
of the at least one direct access storage device, said
master boot record including an executable code
segment having means for loading information
from the at least one direct access storage device;

a first portion of BIOS being included in the read
only memory, said first portion of BIOS initializing
the system processor and initiating generation of
the reset signal to the direct access storage device
controller to permit the system processor to access
said master boot record in order to load said master
boot record into the random access memory;

a remaining portion of BIOS being included in the
protected region of the at least one direct access
storage device, said remaining portion of BIOS
being loaded into the random access memory by
the executable code segment in response to said
first portion of BIOS transferring control to the
executable code segment, the executable code segment
transferring control to said remaining portion
of BIOS to boot the operating system, said remaining
portion of BIOS activating said protection
means to prevent access to the protected region of
the at least one direct access storage device during
normal operations of the operating system.

2. The apparatus of claim 1, wherein the at least one
direct access storage device comprises a fixed disk.

3. The apparatus of claim 2, wherein said system
processor transfers data records to a disk controller in
blocks being in a format which numbers the blocks
sequentially, and further wherein said master boot record
and said remaining portion of BIOS are effectively
stored in a higher ordered numbered of blocks.

4. The apparatus of claim 3, wherein said protection
means comprises setting a maximum block addressable,
said maximum block addressable being a lowest order
numbered block of the master boot record and the remaining
portion of BIOS, said protection means preventing
access to numbered blocks equal to or greater
than the maximum block addressable while permitting
access to numbered blocks less than the maximum block
addressable.

5. The apparatus of claim 1, wherein said first portion
of BIOS initiates the generation of the reset signal in
response to the personal computer system being powered
on.

6. The apparatus of claim 1, wherein said first portion
of BIOS initiates the generation of the reset signal in
response to a reset condition being applied to the personal
computer system.

7. The apparatus of claim 1, wherein the master boot
record further includes hardware configuration data,
the hardware configuration data representing a hardware
configuration of the personal computer system
which is compatible with said master boot record, and
further wherein the read only memory includes system
processor identification data representing a hardware
configuration of the system processor, wherein before
said remaining portion of BIOS is loaded into the random
access memory, said first portion of BIOS compares
the hardware configuration data from the master
boot record with the system processor identification
data from the read only memory to verify the master
boot record is compatible with the system processor.

8. The apparatus of claim 7, wherein the data segment
of the master boot record includes a value representing
a system planar which is compatible with the master
boot record and further wherein the system planar further
includes a means for uniquely identifying the system
planar in order to verify that the master boot record
is compatible with the system planar.

9. The apparatus of claim 7, wherein the hardware
configuration data from the master boot record includes
a model value and a submodel value, wherein the model
value identifies a system processor which is compatible
with said master boot record and the submodel value
represents an I/O configuration of a system planar
which is compatible with the master boot record, and
further wherein said read only memory includes a corresponding
model value identifying the system processor
and a corresponding submodel value representing
the I/O configuration of the system planar, wherein
said model value and said submodel value of the master
boot record are compared to the corresponding model
and the submodel value of the read only memory respectively,
in order to verify that the master boot record
is compatible with the system processor and the
I/O configuration of the system planar.

10. The apparatus of claim 1, wherein the personal
computer system further includes a nonvolatile random
access memory being electrically coupled to the system
processor, said nonvolatile random access memory including
data representing a system configuration, said
data being updated when the system configuration is
changed, wherein said first portion of BIOS compares
said data in the nonvolatile random access memory to
corresponding data in the read only memory to determine
if the configuration of the system has changed.

11. An apparatus for protecting a system resident
program in a personal computer system, the personal
computer system having a system processor, a read only
memory, a main memory, and at least one direct access
storage device capable of storing a plurality of data
records, said apparatus comprising:

a first program being included in the read only memory,
said first program initializing the system processor,
said first program further initiating the generation
of a reset signal to the at least one direct
access storage device to permit access to the data
records;

a loading means for loading data records from the at
least one direct access storage device into the main
memory, said loading means being stored in a protectable
partition of the at least one direct access
storage device, said loading means being read from
the at least one direct access storage device into the 
main memory by said first program, wherein said 
first program activates said loading means; 

a main memory resident program image being stored
in the protectable partition of the at least one direct
access storage device, said main memory resident
program image being read from the at least one
direct access storage device into the main memory
by said loading means to produce a main memory
resident program;

means for protecting the protectable partition of the
at least one direct access storage device, said means
for protecting being activated by said main memory
resident program to prevent unauthorized access
to said loading means and said main memory
resident program image.

12. The apparatus of claim 11, wherein said loading 
means further includes a validation means for confirm- 
ing the personal computer system is compatible with the 
main memory resident program. 

13. The apparatus of claim 12, wherein said validation
means includes data representing a type of system
processor and a configuration of a system planar coupled to
the system processor.

14. The apparatus of claim 12, wherein said loading
means comprises a master boot record having an
executable code segment for effecting the loading of the
main memory resident program, wherein said first
program transfers control to said executable code segment
to effect the loading of said main memory resident
program image into the main memory.

15. The apparatus of claim 11, wherein said first
program includes a power on self test routine, said power
on self test routine initializing and testing operating
functions of the personal computer system necessary to
load the main memory resident program.

16. The apparatus of claim 15, wherein said power on
self test routine initializes the system processor, the
main memory, and the at least one direct access storage
device.

17. The apparatus of claim 11, wherein the at least
one direct access storage device comprises a fixed disk
drive wherein said loading means loads data records
from said fixed disk drive into the main memory.

18. The apparatus of claim 17, wherein said fixed disk
drive includes a disk controller and further wherein said
system processor transfers data records to said disk
controller in blocks being in a format which numbers
the blocks sequentially, and further wherein said main
memory resident program image is effectively stored in
a higher ordered number of blocks.

19. The apparatus of claim 18, wherein said protection
means comprises setting a maximum block addressable,
said maximum block addressable being a lowest
order numbered block of the main memory resident
program image, said protection means preventing
access to numbered blocks greater than or equal to the
maximum block addressable while permitting access to
numbered blocks less than the maximum block
addressable.

20. The apparatus of claim 11, wherein said first
program initiates generation of the reset signal in response
to power being applied to the system.

21. The apparatus of claim 11, wherein said first pro- 
gram initiates generation of the reset signal in response 
to a reset condition being applied to the system. 

22. A device for preventing an unauthorized access of
BIOS stored in a mass storage device in a personal 
computer system having a system processor, the mass 
storage device capable of storing a plurality of data 
blocks defined between a first and second data block 
extreme, BIOS being accessible by the system processor 
in the form of individual definable contiguous blocks of 
data, BIOS extending from a third data block extreme 
to a fourth data block extreme, the third and fourth 
extremes being bounded by the first and second ex- 
tremes, said device comprising: 

(a) controller device coupled between said system 
processor and said mass storage device for trans- 
forming a communication request from the system 
processor to physical characteristics of the mass 
storage device, the input/output requests being in 
the form of individual definable contiguous blocks 
of data; 

(b) first logic means for initiating the generation of a 
reset signal; 

(c) second logic means for generating a second signal 
for preventing access to the BIOS; and 

(d) protection means responsive to said reset signal 
for permitting access to said BIOS, said protection 
means being responsive to said second signal for 
setting a boundary at the third data block extreme 
to prevent access to the BIOS during normal exe- 
cution of authorized programs by the system pro- 
cessor. 

23. The device of claim 22, wherein the mass storage 
device comprises a fixed disk having input/output re- 
quests in the form of a cylinder, head and sector format, 
and further wherein said controller converts from data 
block format to cylinder, head and sector format. 

24. The device of claim 22, wherein said controller 
device includes an SCSI adapter card responsive to said 
system processor. 

25. The device of claim 22, wherein the first logic 
means initiates generation of the reset signal in response 
to a power on condition for the system processor. 

26. The device of claim 22, wherein the first logic 
means initiates generation of the reset signal in response 
to an input from a keyboard connected to the system. 

27. A method for protecting BIOS in a personal com- 
puter system, the system including a system processor, a 
read only memory, a random access memory, and direct 
storage access device, said method comprising the steps 
of:

(a) storing a first portion of BIOS in the read only 
memory, the first portion of BIOS including means 
for initializing the system; 

(b) storing a master boot record and a remaining 
portion of BIOS in a protectable partition on the 
direct access storage device, the remaining portion 
of BIOS being resident in the random access mem- 
ory during normal operations of the personal com- 
puter system; 

(c) initializing the system and initiating the generation 
of a reset signal, said reset signal being effectively
applied to the direct access storage device; 

(d) removing a protection to the protectable partition 
to permit the system processor to access the master 
boot record and the remaining portion of BIOS, 
the protection being removed in response to the 
reset signal; 

(e) loading the master boot record into the random 
access memory, the master boot record including 
an executable code segment; 

(f) transferring control to the executable code segment
to load the remaining portion of BIOS into the 
random access memory; and 

(g) transferring control to the remaining portion of
BIOS in the random access memory, the remaining
portion of BIOS setting the protection on the
protectable partition to prevent unauthorized access to
the master boot record and the remaining portion
of BIOS stored in the protectable partition on the
direct access storage device.

28. The method of claim 27, further including the step
(h) of verifying the master boot record is compatible
with the system by comparing data stored in the first
portion of BIOS with corresponding data stored in the
master boot record.

29. The method of claim 27, further including the step
(i) of verifying the master boot record is compatible
with the system processor by comparing data in the
read only memory to corresponding data included in
the master boot record.

30. An apparatus for protecting a system resident
program in a personal computer system, the personal
computer system having a system processor, a random
access memory, and at least one direct access storage
device capable of storing a plurality of data records,
said apparatus comprising:

a first module configured for initializing and testing 
the system processor; 

a second module configured for initializing the at
least one direct access storage device to permit 
access to the data records; 

a third module configured for loading data records 
from the at least one direct access storage device 
into the random access memory, said third module 
configured for effecting the loading of a random 
access memory resident program image being 
stored in a protectable partition of the at least one 
direct access storage device, said random access 
memory resident program image being read from 
the at least one direct access storage device into the 
random access memory to produce a random ac- 
cess memory resident program; 

means for protecting the protectable partition of the 
at least one direct access storage device, said means 
for protecting being activated by said random ac- 
cess memory resident program to prevent unautho- 
rized access to said random access memory resi- 
dent program image. 

31. The apparatus of claim 30, further including a 
read only memory, said first, second and third module 
being a portion of said read only memory. 

32. The apparatus of claim 30, further including a 
validation means for confirming the personal computer 
system is compatible with the random access memory 
resident program. 
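
The boundary mechanism of claims 4, 19 and 22 and the boot sequence of claim 27 can be modelled as follows. This is an added sketch, not part of the patent; the 16-block disk, the boundary at block 12, all function names, and the rule that the boundary can only be lowered until the next reset are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define DISK_BLOCKS 16u  /* constructed toy disk: blocks 0..15 */
#define BLOCK_SIZE  8u
#define BIOS_START  12u  /* constructed: MBR + BIOS image in blocks 12..15 */

typedef struct {
    uint8_t  data[DISK_BLOCKS][BLOCK_SIZE];
    uint32_t max_block;  /* "maximum block addressable": blocks >= this are refused */
} disk_ctrl;

/* Reset signal: protection is removed, every block is addressable again. */
void ctrl_reset(disk_ctrl *c) { c->max_block = DISK_BLOCKS; }

/* Protection means. Assumption: the boundary can only be lowered until reset. */
bool ctrl_set_max_block(disk_ctrl *c, uint32_t boundary) {
    if (boundary > c->max_block) return false;
    c->max_block = boundary;
    return true;
}

bool ctrl_read(const disk_ctrl *c, uint32_t blk, uint8_t *out) {
    if (blk >= DISK_BLOCKS || blk >= c->max_block) return false;
    memcpy(out, c->data[blk], BLOCK_SIZE);
    return true;
}

bool ctrl_write(disk_ctrl *c, uint32_t blk, const uint8_t *in) {
    if (blk >= DISK_BLOCKS || blk >= c->max_block) return false;
    memcpy(c->data[blk], in, BLOCK_SIZE);
    return true;
}

/* Claim 27 steps (c)-(g): reset, load protected blocks to RAM, re-arm boundary. */
int boot(disk_ctrl *c, uint8_t ram[][BLOCK_SIZE]) {
    int n = 0;
    ctrl_reset(c);
    for (uint32_t b = BIOS_START; b < DISK_BLOCKS; b++, n++)
        if (!ctrl_read(c, b, ram[n])) return -1;
    return ctrl_set_max_block(c, BIOS_START) ? n : -1;  /* blocks loaded */
}

int main(void) {
    static disk_ctrl c;
    static uint8_t ram[DISK_BLOCKS][BLOCK_SIZE];
    return boot(&c, ram) == 4 ? 0 : 1;
}
```

After `boot` returns, reads and writes below the boundary still succeed, while any access at or above it fails until `ctrl_reset` is called again.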